Skip to content
Navigation Menu
Toggle navigation
Sign in
Appearance settings
Platform
AI CODE CREATION
GitHub Copilot
Write better code with AI
GitHub Spark
Build and deploy intelligent apps
GitHub Models
Manage and compare prompts
MCP Registry
New
Integrate external tools
DEVELOPER WORKFLOWS
Actions
Automate any workflow
Codespaces
Instant dev environments
Issues
Plan and track work
Code Review
Manage code changes
APPLICATION SECURITY
GitHub Advanced Security
Find and fix vulnerabilities
Code security
Secure your code as you build
Secret protection
Stop leaks before they start
EXPLORE
Why GitHub
Documentation
Blog
Changelog
Marketplace
View all features
Solutions
BY COMPANY SIZE
Enterprises
Small and medium teams
Startups
Nonprofits
BY USE CASE
App Modernization
DevSecOps
DevOps
CI/CD
View all use cases
BY INDUSTRY
Healthcare
Financial services
Manufacturing
Government
View all industries
View all solutions
Resources
EXPLORE BY TOPIC
AI
Software Development
DevOps
Security
View all topics
EXPLORE BY TYPE
Customer stories
Events & webinars
Ebooks & reports
Business insights
GitHub Skills
SUPPORT & SERVICES
Documentation
Customer support
Community forum
Trust center
Partners
Open Source
COMMUNITY
GitHub Sponsors
Fund open source developers
PROGRAMS
Security Lab
Maintainer Community
Accelerator
Archive Program
REPOSITORIES
Topics
Trending
Collections
Enterprise
ENTERPRISE SOLUTIONS
Enterprise platform
AI-powered developer platform
AVAILABLE ADD-ONS
GitHub Advanced Security
Enterprise-grade security features
Copilot for Business
Enterprise-grade AI features
Premium Support
Enterprise-grade 24/7 support
Pricing
Search or jump to...
Search code, repositories, users, issues, pull requests...
Search syntax tips
Provide feedback
Saved searches
Use saved searches to filter your results more quickly
Sign in
Sign up
Appearance settings
Resetting focus
You signed in with another tab or window.
Reload
to refresh your session.
You signed out in another tab or window.
Reload
to refresh your session.
You switched accounts on another tab or window.
Reload
to refresh your session.
Dismiss alert
{{ message }}
aquasecurity
/
trivy
Public
Notifications
You must be signed in to change notification settings
Fork
2.9k
Star
30.8k
Code
Issues
169
Pull requests
50
Discussions
Actions
Projects
1
Security
Uh oh!
There was an error while loading.
Please reload this page
.
Insights
Additional navigation options
Code
Issues
Pull requests
Discussions
Actions
Projects
Security
Insights
Issues
Search Issues
is
:
issue
state
:
open
is:issue state:open
Search
Labels
Milestones
New issue
Search results
Open
Closed
fix(misconf): support ENCRYPTED_ONLY as valid SSL/TLS mode in AVD-GCP-0015
kind/bug
Categorizes issue or PR as related to a bug.
Categorizes issue or PR as related to a bug.
scan/misconfiguration
Issues relating to misconfiguration scanning
Issues relating to misconfiguration scanning
Status: Open.
Bug
#9999
In aquasecurity/trivy;
·
nikpivkin
opened
on Dec 31, 2025
feat(maven): add <code>mirrors</code> support for settings.xml files
help wanted
Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines.
Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines.
kind/feature
Categorizes issue or PR as related to a new feature.
Categorizes issue or PR as related to a new feature.
Status: Open.
#9989
In aquasecurity/trivy;
·
DmitriyLewen
opened
on Dec 25, 2025
bug: during <code>inspectConfig</code>, the OS information obtained from the layers is non-deterministic or missed
kind/bug
Categorizes issue or PR as related to a bug.
Categorizes issue or PR as related to a bug.
Status: Open.
Bug
#9982
In aquasecurity/trivy;
·
DmitriyLewen
opened
on Dec 23, 2025
fix(misconf): safely parse rotation_period in google_kms_crypto_key
kind/bug
Categorizes issue or PR as related to a bug.
Categorizes issue or PR as related to a bug.
scan/misconfiguration
Issues relating to misconfiguration scanning
Issues relating to misconfiguration scanning
Status: Open.
Bug
#9979
In aquasecurity/trivy;
·
nikpivkin
opened
on Dec 23, 2025
·
v0.69.0
bug(license): Trivy validates SPDX licenses using the SPDX license list, but it does not apply the canonical values from that list
kind/bug
Categorizes issue or PR as related to a bug.
Categorizes issue or PR as related to a bug.
scan/license
Issues relating to license scanning
Issues relating to license scanning
Status: Open.
Bug
#9965
In aquasecurity/trivy;
·
DmitriyLewen
opened
on Dec 19, 2025
·
v0.69.0
feat(misconf): check ephemeral containers in KSV022 and KSV106
kind/feature
Categorizes issue or PR as related to a new feature.
Categorizes issue or PR as related to a new feature.
scan/misconfiguration
Issues relating to misconfiguration scanning
Issues relating to misconfiguration scanning
Status: Open.
Feature
#9936
In aquasecurity/trivy;
·
nikpivkin
opened
on Dec 12, 2025
feat(java): Support for Maven 4 settings.xml
help wanted
Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines.
Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines.
kind/feature
Categorizes issue or PR as related to a new feature.
Categorizes issue or PR as related to a new feature.
target/filesystem
Issues relating to filesystem scanning
Issues relating to filesystem scanning
Status: Open.
Feature
#9908
In aquasecurity/trivy;
·
knqyf263
opened
on Dec 9, 2025
misconf: Revise KSV-0022 to allow valid capabilities
scan/misconfiguration
Issues relating to misconfiguration scanning
Issues relating to misconfiguration scanning
Status: Open.
Task
#9844
In aquasecurity/trivy;
·
nikpivkin
opened
on Nov 25, 2025
enhancement(cyclonedx): use <code>component.evidence.occurrences.location</code> for filapaths and linenumber
help wanted
Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines.
Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines.
Status: Open.
Feature
#9832
In aquasecurity/trivy;
·
DmitriyLewen
opened
on Nov 20, 2025
fix(checks): Improve the detection logic for AVD-KSV-0050
scan/misconfiguration
Issues relating to misconfiguration scanning
Issues relating to misconfiguration scanning
Status: Open.
Bug
#9826
In aquasecurity/trivy;
·
simar7
opened
on Nov 20, 2025
feat(misconf): add support for azurerm_linux_web_app and azurerm_windows_web_app
kind/feature
Categorizes issue or PR as related to a new feature.
Categorizes issue or PR as related to a new feature.
scan/misconfiguration
Issues relating to misconfiguration scanning
Issues relating to misconfiguration scanning
Status: Open.
Feature
#9820
In aquasecurity/trivy;
·
nikpivkin
opened
on Nov 18, 2025
·
v0.69.0
bug(cyclonedx): duplicates in dependsOn array when scanned SBOM contains components with same name + version but different bomRef/SPDXID.
Status: Open.
Bug
#9815
In aquasecurity/trivy;
·
DmitriyLewen
opened
on Nov 18, 2025
You can’t perform that action at this time.